WordPress Plugin Vulnerabilities

Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI < 3.37.3 - Authenticated (Subscriber+) Information Exposure

Description

The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.37.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive user or configuration data.

Affects Plugins

Plugin icon
simple-tags
Fixed in 3.37.3

References

CVE
CVE-2025-55710
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/d63a8ec5-043d-4263-a7f3-8c117d1fb0b7

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Que Thanh Tuan
Verified
No
WPVDB ID
ef49e7fc-79d0-488b-8ae8-cc54bfa9be29

Timeline

Publicly Published
2025-08-14 (about 10 months ago)
Added
2025-08-19 (about 10 months ago)
Last Updated
2025-08-19 (about 10 months ago)

Other

Published
Title
Published
2026-06-03
Title
Backup, Restore and Migrate your sites with XCloner < 4.8.7 - Authenticated (Subscriber+) Information Exposure
Published
2025-09-26
Title
CoSchedule < 3.4.0 - Unauthenticated Sensitive Information Exposure
Published
2020-12-07
Title
Easy WP SMTP < 1.4.3 - Debug Log Disclosure
Published
2025-04-04
Title
1 Click WordPress Migration <= 2.2 - Unauthenticated Information Disclsoure
Published
2024-09-24
Title
MAS Static Content < 1.0.9 - Authenticated (Contributor+) Private Static Content Page Disclosure